feat(client-iam): Support for a new API "GetMFADevice" to present MFA…

… device metadata such as device certifications

clients/client-iam/README.md

@@ -711,6 +711,14 @@ GetLoginProfile
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-iam/classes/getloginprofilecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-iam/interfaces/getloginprofilecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-iam/interfaces/getloginprofilecommandoutput.html)
 
+</details>
+<details>
+<summary>
+GetMFADevice
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-iam/classes/getmfadevicecommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-iam/interfaces/getmfadevicecommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-iam/interfaces/getmfadevicecommandoutput.html)
+
 </details>
 <details>
 <summary>

clients/client-iam/src/IAM.ts

@@ -289,6 +289,11 @@ import {
   GetLoginProfileCommandInput,
   GetLoginProfileCommandOutput,
 } from "./commands/GetLoginProfileCommand";
+import {
+  GetMFADeviceCommand,
+  GetMFADeviceCommandInput,
+  GetMFADeviceCommandOutput,
+} from "./commands/GetMFADeviceCommand";
 import {
   GetOpenIDConnectProviderCommand,
   GetOpenIDConnectProviderCommandInput,
@@ -770,6 +775,7 @@ const commands = {
   GetGroupPolicyCommand,
   GetInstanceProfileCommand,
   GetLoginProfileCommand,
+  GetMFADeviceCommand,
   GetOpenIDConnectProviderCommand,
   GetOrganizationsAccessReportCommand,
   GetPolicyCommand,
@@ -1864,6 +1870,17 @@ export interface IAM {
     cb: (err: any, data?: GetLoginProfileCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link GetMFADeviceCommand}
+   */
+  getMFADevice(args: GetMFADeviceCommandInput, options?: __HttpHandlerOptions): Promise<GetMFADeviceCommandOutput>;
+  getMFADevice(args: GetMFADeviceCommandInput, cb: (err: any, data?: GetMFADeviceCommandOutput) => void): void;
+  getMFADevice(
+    args: GetMFADeviceCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetMFADeviceCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link GetOpenIDConnectProviderCommand}
    */

clients/client-iam/src/IAMClient.ts

@@ -201,6 +201,7 @@ import { GetGroupCommandInput, GetGroupCommandOutput } from "./commands/GetGroup
 import { GetGroupPolicyCommandInput, GetGroupPolicyCommandOutput } from "./commands/GetGroupPolicyCommand";
 import { GetInstanceProfileCommandInput, GetInstanceProfileCommandOutput } from "./commands/GetInstanceProfileCommand";
 import { GetLoginProfileCommandInput, GetLoginProfileCommandOutput } from "./commands/GetLoginProfileCommand";
+import { GetMFADeviceCommandInput, GetMFADeviceCommandOutput } from "./commands/GetMFADeviceCommand";
 import {
   GetOpenIDConnectProviderCommandInput,
   GetOpenIDConnectProviderCommandOutput,
@@ -511,6 +512,7 @@ export type ServiceInputTypes =
   | GetGroupPolicyCommandInput
   | GetInstanceProfileCommandInput
   | GetLoginProfileCommandInput
+  | GetMFADeviceCommandInput
   | GetOpenIDConnectProviderCommandInput
   | GetOrganizationsAccessReportCommandInput
   | GetPolicyCommandInput
@@ -674,6 +676,7 @@ export type ServiceOutputTypes =
   | GetGroupPolicyCommandOutput
   | GetInstanceProfileCommandOutput
   | GetLoginProfileCommandOutput
+  | GetMFADeviceCommandOutput
   | GetOpenIDConnectProviderCommandOutput
   | GetOrganizationsAccessReportCommandOutput
   | GetPolicyCommandOutput

clients/client-iam/src/commands/AttachGroupPolicyCommand.ts

@@ -38,7 +38,9 @@ export interface AttachGroupPolicyCommandOutput extends __MetadataBearer {}
  * @public
  * <p>Attaches the specified managed policy to the specified IAM group.</p>
  *          <p>You use this operation to attach a managed policy to a group. To embed an inline
- *             policy in a group, use <a>PutGroupPolicy</a>.</p>
+ *             policy in a group, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutGroupPolicy.html">
+ *                <code>PutGroupPolicy</code>
+ *             </a>.</p>
  *          <p>As a best practice, you can validate your IAM policies.
  *      To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html">Validating IAM policies</a>
  *             in the <i>IAM User Guide</i>.</p>

clients/client-iam/src/commands/AttachRolePolicyCommand.ts

@@ -41,13 +41,19 @@ export interface AttachRolePolicyCommandOutput extends __MetadataBearer {}
  *             (access) policy.</p>
  *          <note>
  *             <p>You cannot use a managed policy as the role's trust policy. The role's trust
- *                 policy is created at the same time as the role, using <a>CreateRole</a>.
- *                 You can update a role's trust policy using <a>UpdateAssumeRolePolicy</a>.</p>
+ *                 policy is created at the same time as the role, using <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html">
+ *                   <code>CreateRole</code>
+ *                </a>. You can update a role's trust policy using
+ *                     <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html">
+ *                   <code>UpdateAssumerolePolicy</code>
+ *                </a>.</p>
  *          </note>
  *          <p>Use this operation to attach a <i>managed</i> policy to a role. To embed
- *             an inline policy in a role, use <a>PutRolePolicy</a>. For more information
- *             about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed policies and inline
- *                 policies</a> in the <i>IAM User Guide</i>.</p>
+ *             an inline policy in a role, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutRolePolicy.html">
+ *                <code>PutRolePolicy</code>
+ *             </a>. For more information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
+ *                 policies and inline policies</a> in the
+ *             <i>IAM User Guide</i>.</p>
  *          <p>As a best practice, you can validate your IAM policies.
  *      To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html">Validating IAM policies</a>
  *             in the <i>IAM User Guide</i>.</p>

clients/client-iam/src/commands/AttachUserPolicyCommand.ts

@@ -38,7 +38,9 @@ export interface AttachUserPolicyCommandOutput extends __MetadataBearer {}
  * @public
  * <p>Attaches the specified managed policy to the specified user.</p>
  *          <p>You use this operation to attach a <i>managed</i> policy to a user. To
- *             embed an inline policy in a user, use <a>PutUserPolicy</a>.</p>
+ *             embed an inline policy in a user, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html">
+ *                <code>PutUserPolicy</code>
+ *             </a>.</p>
  *          <p>As a best practice, you can validate your IAM policies.
  *      To learn more, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html">Validating IAM policies</a>
  *             in the <i>IAM User Guide</i>.</p>

clients/client-iam/src/commands/GetMFADeviceCommand.ts

@@ -0,0 +1,154 @@
+// smithy-typescript generated code
+import { EndpointParameterInstructions, getEndpointPlugin } from "@aws-sdk/middleware-endpoint";
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+} from "@aws-sdk/types";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http";
+import { SerdeContext as __SerdeContext } from "@smithy/types";
+
+import { IAMClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IAMClient";
+import { GetMFADeviceRequest, GetMFADeviceResponse } from "../models/models_0";
+import { de_GetMFADeviceCommand, se_GetMFADeviceCommand } from "../protocols/Aws_query";
+
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetMFADeviceCommand}.
+ */
+export interface GetMFADeviceCommandInput extends GetMFADeviceRequest {}
+/**
+ * @public
+ *
+ * The output of {@link GetMFADeviceCommand}.
+ */
+export interface GetMFADeviceCommandOutput extends GetMFADeviceResponse, __MetadataBearer {}
+
+/**
+ * @public
+ * <p>Retrieves information about an MFA device for a specified user.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { IAMClient, GetMFADeviceCommand } from "@aws-sdk/client-iam"; // ES Modules import
+ * // const { IAMClient, GetMFADeviceCommand } = require("@aws-sdk/client-iam"); // CommonJS import
+ * const client = new IAMClient(config);
+ * const input = { // GetMFADeviceRequest
+ *   SerialNumber: "STRING_VALUE", // required
+ *   UserName: "STRING_VALUE",
+ * };
+ * const command = new GetMFADeviceCommand(input);
+ * const response = await client.send(command);
+ * // { // GetMFADeviceResponse
+ * //   UserName: "STRING_VALUE",
+ * //   SerialNumber: "STRING_VALUE", // required
+ * //   EnableDate: new Date("TIMESTAMP"),
+ * //   Certifications: { // CertificationMapType
+ * //     "<keys>": "STRING_VALUE",
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param GetMFADeviceCommandInput - {@link GetMFADeviceCommandInput}
+ * @returns {@link GetMFADeviceCommandOutput}
+ * @see {@link GetMFADeviceCommandInput} for command's `input` shape.
+ * @see {@link GetMFADeviceCommandOutput} for command's `response` shape.
+ * @see {@link IAMClientResolvedConfig | config} for IAMClient's `config` shape.
+ *
+ * @throws {@link NoSuchEntityException} (client fault)
+ *  <p>The request was rejected because it referenced a resource entity that does not exist. The
+ *       error message describes the resource.</p>
+ *
+ * @throws {@link ServiceFailureException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception or
+ *       failure.</p>
+ *
+ * @throws {@link IAMServiceException}
+ * <p>Base exception class for all service exceptions from IAM service.</p>
+ *
+ */
+export class GetMFADeviceCommand extends $Command<
+  GetMFADeviceCommandInput,
+  GetMFADeviceCommandOutput,
+  IAMClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  public static getEndpointParameterInstructions(): EndpointParameterInstructions {
+    return {
+      UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
+      Endpoint: { type: "builtInParams", name: "endpoint" },
+      Region: { type: "builtInParams", name: "region" },
+      UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
+    };
+  }
+
+  /**
+   * @public
+   */
+  constructor(readonly input: GetMFADeviceCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: IAMClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<GetMFADeviceCommandInput, GetMFADeviceCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+    this.middlewareStack.use(getEndpointPlugin(configuration, GetMFADeviceCommand.getEndpointParameterInstructions()));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "IAMClient";
+    const commandName = "GetMFADeviceCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: (_: any) => _,
+      outputFilterSensitiveLog: (_: any) => _,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  /**
+   * @internal
+   */
+  private serialize(input: GetMFADeviceCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
+    return se_GetMFADeviceCommand(input, context);
+  }
+
+  /**
+   * @internal
+   */
+  private deserialize(output: __HttpResponse, context: __SerdeContext): Promise<GetMFADeviceCommandOutput> {
+    return de_GetMFADeviceCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}

clients/client-iam/src/commands/PutGroupPolicyCommand.ts

@@ -39,8 +39,12 @@ export interface PutGroupPolicyCommandOutput extends __MetadataBearer {}
  * <p>Adds or updates an inline policy document that is embedded in the specified IAM
  *             group.</p>
  *          <p>A user can also have managed policies attached to it. To attach a managed policy to a
- *             group, use <a>AttachGroupPolicy</a>. To create a new managed policy, use
- *                 <a>CreatePolicy</a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
+ *             group, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html">
+ *                <code>AttachGroupPolicy</code>
+ *             </a>. To create a new managed policy, use
+ *                 <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">
+ *                <code>CreatePolicy</code>
+ *             </a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
  *                 policies and inline policies</a> in the
  *             <i>IAM User Guide</i>.</p>
  *          <p>For information about the maximum number of inline policies that you can embed in a

clients/client-iam/src/commands/PutRolePolicyCommand.ts

@@ -40,12 +40,21 @@ export interface PutRolePolicyCommandOutput extends __MetadataBearer {}
  *             role.</p>
  *          <p>When you embed an inline policy in a role, the inline policy is used as part of the
  *             role's access (permissions) policy. The role's trust policy is created at the same time
- *             as the role, using <a>CreateRole</a>. You can update a role's trust policy
- *             using <a>UpdateAssumeRolePolicy</a>. For more information about IAM roles,
- *             see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html">Using roles to
- *                 delegate permissions and federate identities</a>.</p>
+ *             as the role, using <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html">
+ *                <code>CreateRole</code>
+ *             </a>.
+ *             You can update a role's trust policy using <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html">
+ *                <code>UpdateAssumerolePolicy</code>
+ *             </a>. For more information about IAM
+ *             roles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html">Using
+ *                 roles to delegate permissions and federate identities</a>.</p>
  *          <p>A role can also have a managed policy attached to it. To attach a managed policy to a
- *             role, use <a>AttachRolePolicy</a>. To create a new managed policy, use <a>CreatePolicy</a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
+ *             role, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html">
+ *                <code>AttachRolePolicy</code>
+ *             </a>. To create a new managed policy, use
+ *                 <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">
+ *                <code>CreatePolicy</code>
+ *             </a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
  *                 policies and inline policies</a> in the
  *             <i>IAM User Guide</i>.</p>
  *          <p>For information about the maximum number of inline policies that you can embed with a

clients/client-iam/src/commands/PutUserPolicyCommand.ts

@@ -39,8 +39,12 @@ export interface PutUserPolicyCommandOutput extends __MetadataBearer {}
  * <p>Adds or updates an inline policy document that is embedded in the specified IAM
  *             user.</p>
  *          <p>An IAM user can also have a managed policy attached to it. To attach a managed
- *             policy to a user, use <a>AttachUserPolicy</a>. To create a new managed
- *             policy, use <a>CreatePolicy</a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
+ *             policy to a user, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html">
+ *                <code>AttachUserPolicy</code>
+ *             </a>. To create a new managed policy, use
+ *                 <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html">
+ *                <code>CreatePolicy</code>
+ *             </a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed
  *                 policies and inline policies</a> in the
  *             <i>IAM User Guide</i>.</p>
  *          <p>For information about the maximum number of inline policies that you can embed in a

clients/client-iam/src/commands/UntagMFADeviceCommand.ts

@@ -14,7 +14,7 @@ import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@s
 import { SerdeContext as __SerdeContext } from "@smithy/types";
 
 import { IAMClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IAMClient";
-import { UntagMFADeviceRequest } from "../models/models_0";
+import { UntagMFADeviceRequest } from "../models/models_1";
 import { de_UntagMFADeviceCommand, se_UntagMFADeviceCommand } from "../protocols/Aws_query";
 
 /**

clients/client-iam/src/commands/UntagOpenIDConnectProviderCommand.ts

@@ -14,7 +14,7 @@ import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@s
 import { SerdeContext as __SerdeContext } from "@smithy/types";
 
 import { IAMClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IAMClient";
-import { UntagOpenIDConnectProviderRequest } from "../models/models_0";
+import { UntagOpenIDConnectProviderRequest } from "../models/models_1";
 import { de_UntagOpenIDConnectProviderCommand, se_UntagOpenIDConnectProviderCommand } from "../protocols/Aws_query";
 
 /**

clients/client-iam/src/commands/index.ts

@@ -62,6 +62,7 @@ export * from "./GetGroupCommand";
 export * from "./GetGroupPolicyCommand";
 export * from "./GetInstanceProfileCommand";
 export * from "./GetLoginProfileCommand";
+export * from "./GetMFADeviceCommand";
 export * from "./GetOpenIDConnectProviderCommand";
 export * from "./GetOrganizationsAccessReportCommand";
 export * from "./GetPolicyCommand";